Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (DRAFT)

[Project Description] TLS Server Certificate Management

Date Published: October 2017
Comments Due: October 25, 2017 (public comment period is CLOSED)
Email Questions to: tls-cert-mgmt-nccoe@nist.gov

Withdrawn: November 09, 2017

Author(s)

William Haag (NIST), W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting), Paul Turner (Venafi), Russ Housley (Vigil Security)

Announcement

This project provides guidance on the governance and management of Transport Layer Security (TLS) server certificates in enterprise environments to reduce outages, improve security, and enable disaster recovery related to certificates. The project will be result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:

  • develop a set of policy attributes;
  • establish and maintain an inventory of TLS certificates;
  • assign and track certificate owners;
  • identify issues and vulnerabilities of the TLS infrastructure;
  • automate enrollment and installation;
  • report the status of the TLS certificates; and
  • continuously monitor TLS certificates in the typical enterprise environment.

Abstract

Keywords

transport layer security (TLS); certificate management; private-key security; certification authority (CA); CA compromise; automatic certificate management environment (ACME); secure sockets layer (SSL); public key infrastructure (PKI)
Control Families

None selected

Documentation

Publication:
Draft Project Description

Supplemental Material:
Submit Comments (other)
Project Homepage (other)

Document History:
Draft White Paper (10/12/17)
White Paper (11/9/17)